Файл: inc/system/auth.php
Строк: 20
<?
if(isset($_POST['nick']) && isset($_POST['password']))
{
if(mysql_result(mysql_query("SELECT COUNT(*) FROM `kolhoz_user` WHERE `nick` = '".my_esc($_POST['nick'])."' AND `password` = '".md5($_POST['password'])."' LIMIT 1"),0)==0)err_game("Неверные данные");
else
{
$user =mysql_fetch_array(mysql_query("SELECT * FROM `kolhoz_user` WHERE `nick` = '".my_esc($_POST['nick'])."' AND `password` = '".md5($_POST['password'])."'"));
$id=$user['id'];
$pass = md5($_POST['password']);
setcookie('id', $id, time() + 84600 * 365, '/');
setcookie('pass', $pass, time() + 84600 * 365, '/');
header("Location:/garden/");
exit;
}
}
?>
<center><br><br>
<form method="post"><ul>
<li>
<label>Имя<br>
<input type="text" value="" name="nick">
</label>
</li>
<label>Пароль<br>
<input type="password" value="" name="password">
</label>
</li>
<li class="pt">
<input type="submit" value="Войти"><br />
<a href="/recovery">Забыли пароль?</a>
</li>
</ul>
</form>
</center>
<div class="pt">
<ul>
<li>
</ul>
</div>
</div>
<?
echo "</div></div><div class='rzd2'>
</div>
<div class='foot-box'><div class='foot-box'>";
echo "Онлайн</span> <b>".mysql_result(mysql_query("SELECT COUNT(*) FROM `kolhoz_user` WHERE `date_last` > '".(time()-3600)."'"), 0)."</b>, регистраций
<b>".mysql_result(mysql_query("SELECT COUNT(*) FROM `kolhoz_user`"), 0)."</b><br>";
echo "Территория фермеров</a> <br/>";
echo '<a href="/contact/">Контакты</a><br /><br>';
//счётчик
echo '<center><a href="http://topek.us/go/233"><img src="http://topek.us/image/233" alt="topek.us"/></a></div></center>';
//$date = date("d $m");
//$today[1] = date("H:i:s");
//echo(" $date $today[1]");
echo'</div>';
exit;
?>